CVE-2024-47604 XSS vulnerability in NuGetGallery HTML attributes handling

NuGet Gallery is a package repository that powers nuget.org. The NuGetGallery has a security vulnerability in its handling of HTML element attributes, which allows an attacker to execute arbitrary HTML or Javascript code in a victim's browser...

Information Disclosure

NuGet.org is vulnerable to information disclosure. The vulnerability exists in the ExecuteCommand function in SetApiKeyCommand.cs due to a lack of sanitization in api key which allows an attacker to get access to sensitive information...